TenantAtlas/apps/platform/tests/Feature/Filament/BaselineProfileFoundationScopeTest.php
ahmido 7541b1eb41 Spec 202: implement governance subject taxonomy and baseline scope V2 (#232)
## Summary
- introduce the governance subject taxonomy registry and canonical Baseline Scope V2 normalization and persistence
- update baseline profile Filament surfaces, validation, capture/compare gating, and add the optional scope backfill command with audit logging
- add focused unit, feature, Filament, and browser smoke coverage for save-forward behavior, operation truth, authorization continuity, and invalid-scope rendering
- remove the duplicate legacy spec plan under `specs/001-governance-subject-taxonomy/plan.md`

## Verification
- `cd apps/platform && ./vendor/bin/sail artisan test --compact tests/Browser/Spec202GovernanceSubjectTaxonomySmokeTest.php`
- focused Spec 202 regression pack: `56 passed (300 assertions)`
- `cd apps/platform && ./vendor/bin/sail bin pint --dirty --format agent`

## Notes
- no schema migration required
- no new Filament asset registration required
- branch includes the final browser smoke test coverage for the current feature

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #232
2026-04-13 15:33:33 +00:00


<?php
declare(strict_types=1);
use App\Filament\Resources\BaselineProfileResource\Pages\CreateBaselineProfile;
use App\Filament\Resources\BaselineProfileResource\Pages\EditBaselineProfile;
use App\Models\BaselineProfile;
use Filament\Forms\Components\Select;
use Illuminate\Validation\ValidationException;
use Livewire\Livewire;
// UI-level allow-list check: the scope picker must offer the two supported
// foundation types and must not offer 'intuneRoleAssignment'. Hiding an option
// is not enforcement on its own; a separate test in this file covers what
// happens when the hidden value is submitted anyway.
it('shows only baseline-supported foundation types in the baseline profile scope picker', function (): void {
    [$user] = createUserWithTenant(role: 'owner');

    // Predicate handed to Filament: true only when the field is a multi-select
    // whose option map matches the expected labels and omits the unsupported key.
    $offersOnlySupportedTypes = function (Select $field): bool {
        $choices = $field->getOptions();

        if (! $field->isMultiple()) {
            return false;
        }

        if (($choices['assignmentFilter'] ?? null) !== 'Assignment Filter') {
            return false;
        }

        if (($choices['intuneRoleDefinition'] ?? null) !== 'Intune RBAC Role Definition') {
            return false;
        }

        // array_key_exists rather than isset: a key mapped to null would still be an offered option.
        return ! array_key_exists('intuneRoleAssignment', $choices);
    };

    $createPage = Livewire::actingAs($user)->test(CreateBaselineProfile::class);

    $createPage
        ->assertOk()
        ->assertFormFieldExists('scope_jsonb.foundation_types', $offersOnlySupportedTypes);
});
// Happy path: a supported foundation type submitted through the create form
// is accepted and stored on the new profile.
it('persists baseline-supported foundation types on baseline profile create', function (): void {
    [$user, $tenant] = createUserWithTenant(role: 'owner');

    $formState = [
        'name' => 'RBAC baseline',
        'scope_jsonb.policy_types' => [],
        'scope_jsonb.foundation_types' => ['intuneRoleDefinition'],
    ];

    Livewire::actingAs($user)
        ->test(CreateBaselineProfile::class)
        ->fillForm($formState)
        ->call('create')
        ->assertHasNoFormErrors()
        ->assertNotified();

    // The lookup is pinned to the tenant's workspace, and sole() fails unless
    // exactly one row matches, so a profile written to another workspace or
    // written twice would break the test.
    $workspaceId = (int) $tenant->workspace_id;
    $created = BaselineProfile::query()
        ->where('workspace_id', $workspaceId)
        ->where('name', 'RBAC baseline')
        ->sole();

    $storedFoundationTypes = data_get($created->scope_jsonb, 'foundation_types');

    expect($storedFoundationTypes)->toBe(['intuneRoleDefinition']);
});
// Server-side enforcement check: 'intuneRoleAssignment' is not offered by the
// picker, so it can only arrive through a request that does not honour the
// rendered options. The form must fail validation on that element and no
// profile may be written.
it('rejects unsupported foundation types when baseline profile scope is submitted', function (): void {
    [$user] = createUserWithTenant(role: 'owner');

    $formState = [
        'name' => 'Invalid RBAC baseline',
        'scope_jsonb.policy_types' => [],
        'scope_jsonb.foundation_types' => ['intuneRoleAssignment'],
    ];

    // The failure is expected on the first array element, from the 'in' rule.
    $expectedErrors = ['scope_jsonb.foundation_types.0' => ['in']];

    Livewire::actingAs($user)
        ->test(CreateBaselineProfile::class)
        ->fillForm($formState)
        ->call('create')
        ->assertHasFormErrors($expectedErrors);

    // Deliberately not scoped to a workspace: the rejected name must not exist anywhere.
    $wasPersisted = BaselineProfile::query()
        ->where('name', 'Invalid RBAC baseline')
        ->exists();

    expect($wasPersisted)->toBeFalse();
});
// Exercises the edit page's save hook directly with a version 2 scope payload,
// bypassing the form fields, to confirm that an inactive subject type is
// refused at that layer as well.
it('rejects inactive canonical foundation subject types when editing a baseline profile', function (): void {
    [$user, $tenant] = createUserWithTenant(role: 'owner');

    $profile = BaselineProfile::factory()->active()->create([
        'workspace_id' => (int) $tenant->workspace_id,
        'name' => 'Editable RBAC baseline',
    ]);

    $page = Livewire::actingAs($user)
        ->test(EditBaselineProfile::class, ['record' => $profile->getKey()])
        ->instance();

    // Reflection is used to reach the hook; presumably it is non-public on the
    // page class (confirm against EditBaselineProfile). setAccessible() has no
    // effect on PHP 8.1+ and is kept as the original wrote it.
    $saveHook = new \ReflectionMethod($page, 'mutateFormDataBeforeSave');
    $saveHook->setAccessible(true);

    $inactiveEntry = [
        'domain_key' => 'platform_foundation',
        'subject_class' => 'configuration_resource',
        'subject_type_keys' => ['intuneRoleAssignment'],
        'filters' => [],
    ];

    $formData = [
        'scope_jsonb' => [
            'version' => 2,
            'entries' => [$inactiveEntry],
        ],
    ];

    $runSaveHook = fn () => $saveHook->invoke($page, $formData);

    // The hook must raise a validation failure whose message names the inactive subject type.
    expect($runSaveHook)->toThrow(ValidationException::class, 'Inactive subject type');
});